Why Outsource ISO 27001 Internal Audits to Assent Risk Management
Assent Risk Management’s competent ISO 27001 internal auditors have years of experience in information security, privacy and cyber security which they bring to every audit, helping you identify potential weaknesses that could be exploited and ensuring you remain legally compliant – avoiding fines and negative publicity.
We are on your side and will work collaboratively with you, your IT team and other stakeholders, but we’ll also prepare you for external auditors.
Managing Risks and Remaining Compliant
Risk management forms the core of ISO 27001, with legal compliance also being a key feature. Our internal auditors prioritise high-risk areas of your management system to ensure you get the maximum benefit from the process.
Every ISO 27001 audit programme we manage is compliant with ISO 19011, the standard for auditing management systems. This is evidenced within the audit report, so you know you are receiving an industry-leading audit.
93 Annex A Controls!
ISO 27001 is unique in having an Annex of 93 controls which organisations must apply or justify excluding.
We audit all applicable controls, although we take only a sample of records within each control.
Integrated ISO 27001 Audits
Management system standard audits can be integrated with audits of other management systems, reducing audit time and repetition.
Assent has auditors with multiple competencies through our leading competency management scheme.
Clients that Trust Us with their ISO 27001 Internal Audits
Frequently Asked Questions (FAQs) about ISO 27001
Any management system standard aligned to Annex SL, such as ISO 27001, features a requirement to internally check the performance of your management system.
This is in clause 9.2, Internal Audits. The auditors must be competent and impartial with respect to what they are auditing, so outsourcing these audits to Assent makes perfect sense.
ISO 27001 Internal audits vary in cost depending on the complexity of your information security management system.
The complexity of your IT environment, processing activities, regulatory requirements, number of staff and number of locations all have an impact on the time required to complete the audit.
However, a basic audit of a system can be completed in as little as 2 days, at around £1,600 in total.
We don’t consider internal audits a pass or fail exercise; however, there might be findings or nonconformances that are raised.
This is not a problem: we can discuss the issue with you and help you apply a corrective action.
Yes, if you are already doing internal audits and have a schedule in place, we can pick this up with no problem. However, we will review the programme against ISO 19011 requirements to make sure it is compliant, and we may suggest improvements.
Yes, you could, but there are two things to consider.
- Can you prove you are competent to do the audit? External auditors will check.
- Are you auditing your own work? That would be a breach of impartiality.
When running an audit programme we take a risk-based approach, covering the high-risk areas more frequently.
As a rule we try to cover the whole system annually, but as a minimum we would expect to cover every clause and process within the three-year cycle.
We will provide an audit schedule and keep this updated.
No. The internal audit report is sent directly to you as the client. However, the certification body will want to look at your internal audits when they do their external audits, so it’s important to address anything raised in the reports.
Yes! It’s not unusual for us to pick up a programme where the current auditor has left the business or where the company is looking to save money.